Validate API with Authlogic

Question

I\'m using Authlogic for authentication in my app, using the standard User and UserSession models. I\'m building an API into my app, and I want to authenticate API access with

Answer 1

Sure, you can have two models acts_as_authentic. Set up the Company with the minimum Authlogic db fields , and use it's single_access_token for API access. Note that your API will not know which User is using the system, just the Company.

Answer 2

The way I do this is:

class Something
  acts_as_authentic do |m|
    # API keys are auto generated (See +regenerate_api_key+.)
    # The password is not used for authentication (its just an api_key lookup), so a dummy field is used
    m.login_field = :api_key
    m.validate_login_field = false
    m.validate_email_field = false
    m.crypted_password_field = :api_key_hash
    m.require_password_confirmation = false
    m.validate_password_field = false
    m.crypto_provider = ApiKeyCrypto
  end
end

class ApiKeyCrypto
  def self.encrypt(*tokens)
    'X'
  end

  def self.matches?(crypted, *tokens)
    crypted == 'X'
  end
end

#application_controller.rb
def current_session
  return @current_session if defined?(@current_session)
  ...
    format.any(*api_formats) do
      @current_session = SomethingSession.find
    end
  end
  @current_session
end
def api_formats
  [:xml, :json]
end

This works great for ActiveResource FYI.